diff options
| author | Paul Grayson <pdg@alum.mit.edu> | 2014-06-13 11:08:11 -0700 |
|---|---|---|
| committer | Paul Grayson <pdg@alum.mit.edu> | 2014-06-13 12:55:55 -0700 |
| commit | 19af434840802ca0feb39253241917286467a86e (patch) | |
| tree | a2d0fb1a0cca7b0e8194b4fcf9dce766a7c0c2af /actionview/lib/action_view/helpers/form_tag_helper.rb | |
| parent | 6071d626e50c1bfc45a5a15f403c56086e632ad4 (diff) | |
| download | rails-19af434840802ca0feb39253241917286467a86e.tar.gz rails-19af434840802ca0feb39253241917286467a86e.tar.bz2 rails-19af434840802ca0feb39253241917286467a86e.zip | |
In actionview, eliminate calls to tag that use html_safe parameter values. This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.
Diffstat (limited to 'actionview/lib/action_view/helpers/form_tag_helper.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/form_tag_helper.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/form_tag_helper.rb b/actionview/lib/action_view/helpers/form_tag_helper.rb index 88b8400644..7a7ddaa41c 100644 --- a/actionview/lib/action_view/helpers/form_tag_helper.rb +++ b/actionview/lib/action_view/helpers/form_tag_helper.rb @@ -794,9 +794,11 @@ module ActionView end # Creates the hidden UTF8 enforcer tag. Override this method in a helper - # to customize the tag. + # to customize the tag. Note that we have the HTML written out + # explicitly here to avoid potential problems with including a + # unicode character in output. def utf8_enforcer_tag - tag(:input, :type => "hidden", :name => "utf8", :value => "✓".html_safe) + %{<input name="utf8" type="hidden" value="✓" />}.html_safe end private |